Geronimo webapp using LDAP authentication

Posted on 2024-09-11 23:49:06

I'm using Apache Geronimo as my application server. And authentication is happening over LDAP using Apache Directory Service. I don't have any previous experience with JavaEE software development, so please take it easy on me. Let me know if I need to explain anything in more detail.

Basically my login step is pretty similar to this example from the geronimo documentation:
https://cwiki.apache.org/GMOxDOC22/ldap-sample-app-ldap-sample-application.html

There are three different behaviors that are happening when a user is trying to login:

  1. When a user logs in with the correct username, which is in the correct ldap group, they are taken to a secure area of the site. And I'm not sure how to log the user out of the site until their session ends.

  2. When a user logs in with a username/password that isn't in the LDAP directory, the user is redirected to /auth/logonError.html?param=test (this location is specified in 'web.xml')

  3. When a user logs in with a correct username/password that is not in the appropriate group, they are redirected to a "HTTP 403 forbidden page". There is an example of this page at the bottom of the ldap sample. The behavior should be the same as an unauthenticated user.

In all of these cases, there is no way for the user to retry the login process until the browser is restarted or a different browser is used. This is the big problem that I am having.

I would like the following scenarios to happen.

  1. A properly authenticated user can logout, and try to login again.

  2. An improperly authenticated user is redirected to the login screen, and told to try again.

What do I need to do to make this happen? Thanks for your help.

Comments (1)

波浪屿的海角声 2024-09-18 23:49:06

Doesn't this always happen? You run into a problem, struggle with it for a few days, finally post it to StackOverflow (or wherever), and then you solve the problem relatively easily.

I made some changes to my application that fixed the problem. I'm posting what I did in case anyone stumbles across this from google with a similar problem.

First I created a servlet (called EndSessionServlet) that just did this:

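import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class EndSessionServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        endSession(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        endSession(request, response);
    }

    // Invalidate the current session, then redirect to "." (relative to the request URL).
    private void endSession(HttpServletRequest request, HttpServletResponse response) throws IOException {
        request.getSession().invalidate();
        response.sendRedirect(".");
    }
}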

And then I added this to my web.xml file:

<error-page>
 <error-code>403</error-code>
 <location>/EndSessionServlet</location>
</error-page>

And I also changed the form-error-page in web.xml:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>This is not used for FORM login</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/EndSessionServlet</form-error-page>
  </form-login-config>
</login-config>

And I added a link in the section of the webpage that is authenticated to the EndSessionServlet. So the authenticated user can now logout properly.

For the three scenarios:

  1. User is able to properly login, the user clicks the link to EndSessionServlet to logout
  2. The User enters a valid username/password for ldap, but is not in the correct group. This user is sent to the 403 page normally, which now invalidates the session, and redirects to the logon page.
  3. The user enters an invalid username/password and is sent to , which is also set to EndSessionServlet. This ends the session, and redirects them to the login page.

So all of the scenarios work fine now.
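
A hardened variant of the EndSessionServlet from the answer above, as an added example that is not part of the original answer: it refuses GET requests sent straight to the servlet URL, so another site cannot end the user's session with a plain link or image, while still serving the 403 error-page dispatch. It assumes the javax.servlet API (Servlet 2.5), the container's default JSESSIONID cookie name, and a container that forwards (rather than redirects) to the form-error-page; the class name is hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example; HardenedEndSessionServlet is a hypothetical name.
public class HardenedEndSessionServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // An <error-page> dispatch carries this attribute (Servlet spec);
        // a GET sent straight to the servlet URL does not, so it is refused.
        if (req.getAttribute("javax.servlet.error.status_code") == null) {
            resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        endSession(req, resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Logout form posts, and (assumed) the forward from j_security_check
        // to <form-error-page>, arrive here.
        endSession(req, resp);
    }

    private void endSession(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): do not create a session only to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        String ctx = req.getContextPath();
        // Expire the browser's copy of the session cookie (assumed default name).
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setPath(ctx.length() == 0 ? "/" : ctx);
        expired.setMaxAge(0);
        resp.addCookie(expired);
        // Keep the response out of caches, then redirect to the app root.
        resp.setHeader("Cache-Control", "no-store");
        resp.sendRedirect(ctx + "/");
    }
}
```

With this variant the logout link in the protected area becomes a small form that submits with method="post" to the servlet.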
